Shortly after our first article on the DOL Fiduciary Rule the White House issued an Executive Order that requires the Department of Labor (the "DOL") to revisit the Fiduciary Rule (the "Fiduciary Rule" or the "Rule") and the Prohibited Transaction Exemptions (the "PTEs") that were amended alongside it. President Trump's Executive Order requires the DOL to determine if the rule will adversely affect retirement investors or financial firms. If the answer is yes, the expectation is that the Fiduciary Rule and the related PTEs will not survive as currently written, and the DOL will rescind or revise the Rule. Read More ›

In 2016 Lansing, MI's Board of Water and Light fell victim to a cyber-attack that resulted in $2.4 million in costs, including a $25,000 ransom paid to the perpetrators. In the aftermath of the breach, BWL announced that it was filing for a $1.9 million insurance claim under its cyber insurance policy, including $2 million in covered losses, less a $10,000 deductible.

There is a lot at stake for businesses when it comes to cyber-crime, which is why more and more businesses are investigating and purchasing cyber insurance to hedge against the risks associated with cyber security and data privacy. Read More ›

With a sea of political change in Washington this year, many are speculating on what regulatory reforms the Trump administration and a Republican Congress will make in 2017. One reform in particular is commonly mentioned: a repeal, delay, or revision of the new Department of Labor ("DOL") fiduciary rule (the "Fiduciary Rule"). Given that the Trump administration is widely seen as anti-regulation, and the Fiduciary Rule is one of the most sweeping pieces of regulation regarding retirement investors and the financial industry since the implementation of the Employee Retirement Income Security Act ("ERISA") in 1974, speculation about the Fiduciary Rule's impending review and revision are not unfounded. Read More ›

The U.S. Copyright Office recently implemented new rules (the “Rules”) governing the designation and maintenance of Digital Millennium Copyright Act (“DMCA”) agent information under a new electronic system. The Rules went into effect on December 1, 2016, so electronic designations should be filed as soon as possible. Service providers who fail to submit electronic designations will be ineligible for the safe harbor protections from copyright-infringement liability provided by the DMCA. Read More ›

No matter how carefully, thoughtfully and diligently a company works to prevent it, data breaches happen. Company management, IT teams and outside consultants can do everything right and still end up dealing with a breach. That means that knowing how to best respond when (not if) a breach happens should be part of every company’s data protection strategy.

We recommend that every company assemble a security breach team, consisting of individuals inside and outside of the organization who possess different skill sets. This may include technology officers, as well as staff from IT, human resources, communications, legal departments, outside counsel, and outside vendors. The composition of the team will depend on the type and size of the organization, but each member should be in a position and have skills that enable the organization to quickly and properly respond to an incident. The team must also be equipped, authorized and empowered to evaluate and immediately react to an incident once it has occurred. Read More ›

According to the Department of Justice (the “DOJ”), an estimated 17.6 million Americans aged 16 or older were victims of at least one attempt or incident of identity theft in 2014. Identity theft takes many forms - from stealing someone’s identity to obtain government benefits to creating new financial accounts in another person’s name. The most frequent type of identity theft - 80 percent of all cases according to the DOJ - involves someone trying to take over an existing bank or credit card account. Tax-related fraud is also on the rise.

We are all at risk of identity theft. It seems like a week never goes by without a news report about a data breach at a major retailer or bank. Unfortunately, most people who are victims of identity theft - or suspect they might be - are not aware of the steps they should take to mitigate the harm from the theft.

This article identifies the steps that a person whose social security number is compromised should immediately take upon learning of a problem, as well as actions to take to protect against the risk of identity theft in the future. Read More ›

We recently wrote about how a Cyberattack on Lansing, Michigan's Board of Water and Light ("BWL") resulted in costs nearing $2 million for technical support and equipment upgrades. In fact, BWL's total costs have now stretched to $2.4 million, including a $25,000 ransom paid to the attackers. These facts underscore that the costs of such attacks can be enormous, especially when ransomware is involved. Read More ›

A recent decision by the U.S. Court of Appeals for the Sixth Circuit (the “Sixth Circuit”) may make it easier for plaintiffs to bring costly lawsuits against companies that allow sensitive data to fall into the wrong hands. Most troubling from a company's perspective, the Sixth Circuit used language that some states legally require in data breach notification letters to justify allowing the case to move forward. Read more about this case here.

It sounds like something out of a Hollywood screenplay: foreign hackers, possibly from Russia, induce an unsuspecting employee of a major utility company to click on an email attachment that is infected with malware, enabling the hackers to cripple the utility’s computer systems unless a ransom is paid. Unfortunately, this story is fact, not fiction. Read More ›

On June 21, 2016, the Federal Aviation Administration (“FAA”) released its much-awaited operational rules for drones. We have been tracking these rules for the last year. The biggest change from the proposed rules to final rules is that the final rules eliminate the need for commercial drone operators to obtain a manned aircraft pilot's license. Instead, drone operators will have to pass a knowledge test for unmanned aircraft. The test will be administered at FAA approved testing centers nationwide. Read More ›